Month: August 2018

Webuzo Team has launched MySQL 8.0, the latest version of MySQL. It is available for both Ubuntu and CentOS.

A lot of important new features have been added in this version. You will find everything you need to know about these amazing new features on this link https://dev.mysql.com/doc/refman/8.0/en/mysql-nutshell.html

Please note these following points:

– Currently, We are not providing upgrades to MySQL 8.0 from any version of MySQL, Percona or MariaDB.
– Only Fresh installation’s of MySQL 8.0 are allowed, so If you have an existing Database then you may not be able to install MySQL 8.0
– Since we are installing MySQL 8.0 from the Vendor’s repo itself, MySQL will update itself whenever the OS updates.

Let us know if you have any queries regarding MySQL 8.0 in the comment section.

11) If PHP is running as a service, then editing it’s config file will trigger a restart.

12) Webuzo and numerous other Application service files have been updated so that the service will start up even after a hard reboot. It’s recommended to update all the Applications to the latest version.

13) When multiple Web Servers were installed, restarting the server would cause the non-default Web Server to start up on some servers, this is now fixed.

14) Let’s Encrypt certificate used for the panel was not reloaded after the renewal process, required a manual restart of the Webuzo service, this is now done automatically.

CVE-2018-0732:
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

CVE-2018-0737:
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).